I would like to have an option in the security settings for Business accounts that allows me to specify some team members that cannot see the seed value/string behind the TOTP codes in a specific vault. I'm OK if they can scan a QR code or ADD a new seed value/string to an entry, but once it's saved, I'd like them to not be able to see/copy the actual seed value, though I do want them to be able to see the currently-generated TOTP 6-digit code, and I DO want them (I think? Maybe a separate permission?) to be able to overwrite the existing value with a new seed to set a new TOTP seed (with a history kept for admins), but then not be able to view more than the actual 6-digit code.
For reference, there was an IT Glue issue per https://www.linkedin.com/pulse/glue-totp-code-exposure-jason-slagle/ where IT Glue sent the entire TOTP seed to the web client for any user accessing a password with a TOTP-integrated code. This isn't great, and they fixed it, but it did make me think that it would be nice if 1Password could similarly make it difficult for some non-admin users to obtain the seed for TOTP purposes once set, and just be able to see the code.
I did check the permissions list and it doesn't appear to be a current option.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
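
The seed-versus-code distinction requested above, and the one behind the linked IT Glue issue, shown as an added example that is not part of the original post and is not 1Password's or IT Glue's code. It assumes a model where a server holds the seed and builds the payload sent to the client; the role names, field names and helper functions are hypothetical, and the seed is the public RFC 6238 test value.

```python
import base64
import hashlib
import hmac
import struct

def totp(seed_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 seed at a given Unix time."""
    key = base64.b32decode(seed_b32.upper() + "=" * (-len(seed_b32) % 8))
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def view_entry(entry: dict, role: str, now: int, step: int = 30) -> dict:
    """Build the client payload. Only admins receive the seed itself;
    everyone else gets the short-lived code computed on the server side."""
    payload = {
        "title": entry["title"],
        "totp_code": totp(entry["totp_seed"], now, step),
        "valid_for_s": step - (now % step),      # seconds until the code rolls over
    }
    if role == "admin":
        payload["totp_seed"] = entry["totp_seed"]
    return payload

def replace_seed(entry: dict, role: str, new_seed: str, now: int) -> None:
    """Write-only update: members may overwrite the seed but never read it back.
    The previous seed is kept in a history that view_entry never exposes."""
    if role not in ("admin", "member"):
        raise PermissionError("role may not modify the TOTP seed")
    totp(new_seed, now)                          # raises on malformed base32
    entry.setdefault("seed_history", []).append(
        {"seed": entry["totp_seed"], "replaced_at": now, "by": role})
    entry["totp_seed"] = new_seed

# Constructed sample entry; seed is base32 of the RFC 6238 test key.
ENTRY = {"title": "Example VPN", "totp_seed": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}

if __name__ == "__main__":
    print(view_entry(ENTRY, "member", 59))       # code only, no seed field
    print(view_entry(ENTRY, "admin", 59))        # code plus seed
```

A payload without the seed limits a non-admin to codes that expire within one time step, whereas anyone who receives the seed can generate every future code until it is rotated.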